
source: vbox/trunk/include/iprt/nt/nt.h@ 62605

Last change on this file since 62605 was 62592, checked in by vboxsync, 9 years ago

IPRT: More unused parameters and undefined preprocessor macro warning (C4668) fixes/workarounds. The latter triggers in stdint.h from the compiler and in windows SDK/DDK headers.

1/* $Id: nt.h 62592 2016-07-27 13:24:48Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks). NOTE(review): since those checks no longer
33 * run for a mapped call, pointers and handles that came from user mode need validating by the caller first. */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQuerySystemInformation ZwQuerySystemInformation
43# define NtQuerySecurityObject ZwQuerySecurityObject
44# define NtClose ZwClose
45# define NtCreateFile ZwCreateFile
46# define NtReadFile ZwReadFile
47# define NtWriteFile ZwWriteFile
48# define NtFlushBuffersFile ZwFlushBuffersFile
49/** @todo this is very incomplete! Only the ten routines above are remapped; every other Nt* name is left as it is. */
50#endif
51
52#include <ntstatus.h>
53
54/*
55 * Hacks common to both base header sets: each name below is redirected to an Incomplete_ or WrongLinkage_ alias while the
56 * SDK/DDK headers are included and is #undef'ed again after them; this header then declares some of them itself (e.g. _KUSER_SHARED_DATA, _PEB_LDR_DATA). */
57#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
58#define NtQueryObject Incomplete_NtQueryObject
59#define ZwQueryObject Incomplete_ZwQueryObject
60#define NtSetInformationObject Incomplete_NtSetInformationObject
61#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
63#define ObjectBasicInformation Incomplete_ObjectBasicInformation
64#define ObjectTypeInformation Incomplete_ObjectTypeInformation
65#define _PEB Incomplete__PEB
66#define PEB Incomplete_PEB
67#define PPEB Incomplete_PPEB
68#define _TEB Incomplete__TEB
69#define TEB Incomplete_TEB
70#define PTEB Incomplete_PTEB
71#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
72#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
73#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
74#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
75#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
76#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
77
78
79
80#ifdef IPRT_NT_USE_WINTERNL
81/*
82 * Use Winternl.h. The names defined below are redirected to IncompleteWinternl_ aliases only while the headers are
83 * included; the matching #undef list follows the include block. */
84# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
85# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
86# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
87
88# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
89# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
90# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
91# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
92# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
93# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
94# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
96# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
97# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
98# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
99# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
100
101# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
102# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
103# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
104
105# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
106# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
107# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
108# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
109# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
110
111# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
112# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
113# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
114# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
115# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
116# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
117# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
118# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
119# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
120# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
121# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
122# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
123# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
124# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
125
126
127# pragma warning(push)
128# pragma warning(disable: 4668) /* C4668 (undefined preprocessor macro) fires inside the SDK headers; silenced for these includes only, restored by the pop below. */
129# define WIN32_NO_STATUS /* NOTE(review): presumably keeps winnt.h from defining its own STATUS_* subset so ntstatus.h below can define the full set - confirm. */
130# include <windef.h>
131# include <winnt.h>
132# include <winternl.h>
133# undef WIN32_NO_STATUS
134# include <ntstatus.h>
135# pragma warning(pop)
136
137
138# undef _FILE_INFORMATION_CLASS
139# undef FILE_INFORMATION_CLASS
140# undef FileDirectoryInformation
141
142# undef NtQueryInformationProcess
143# undef NtSetInformationProcess
144# undef PROCESSINFOCLASS
145# undef _PROCESSINFOCLASS
146# undef PROCESS_BASIC_INFORMATION
147# undef PPROCESS_BASIC_INFORMATION
148# undef _PROCESS_BASIC_INFORMATION
149# undef ProcessBasicInformation
150# undef ProcessDebugPort
151# undef ProcessWow64Information
152# undef ProcessImageFileName
153# undef ProcessBreakOnTermination
154
155# undef RTL_USER_PROCESS_PARAMETERS
156# undef PRTL_USER_PROCESS_PARAMETERS
157# undef _RTL_USER_PROCESS_PARAMETERS
158
159# undef NtQueryInformationThread
160# undef NtSetInformationThread
161# undef THREADINFOCLASS
162# undef _THREADINFOCLASS
163# undef ThreadIsIoPending
164
165# undef NtQuerySystemInformation
166# undef NtSetSystemInformation
167# undef SYSTEM_INFORMATION_CLASS
168# undef _SYSTEM_INFORMATION_CLASS
169# undef SystemBasicInformation
170# undef SystemPerformanceInformation
171# undef SystemTimeOfDayInformation
172# undef SystemProcessInformation
173# undef SystemProcessorPerformanceInformation
174# undef SystemInterruptInformation
175# undef SystemExceptionInformation
176# undef SystemRegistryQuotaInformation
177# undef SystemLookasideInformation
178# undef SystemPolicyInformation
179
180#else
181/*
182 * Use ntifs.h and wdm.h. This is the branch taken when IPRT_NT_USE_WINTERNL is not defined.
183 */
184# pragma warning(push)
185# ifdef RT_ARCH_X86 /* NOTE(review): the x86-only rename plus the C4163 suppression look like a workaround for a DDK/compiler clash over this intrinsic - confirm. */
186# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
187# pragma warning(disable: 4163)
188# endif
189# pragma warning(disable: 4668) /* Same C4668 suppression as in the winternl.h branch; undone by the pop below. */
190
191# include <ntifs.h>
192# include <wdm.h>
193
194# ifdef RT_ARCH_X86
195# undef _InterlockedAddLargeStatistic
196# endif
197# pragma warning(pop)
198
199# define IPRT_NT_NEED_API_GROUP_NTIFS /* Set only in this branch; NOTE(review): presumably tested later in the header, outside the part reviewed here - confirm. */
200#endif
201
202#undef RtlFreeUnicodeString
203#undef NtQueryObject
204#undef ZwQueryObject
205#undef NtSetInformationObject
206#undef _OBJECT_INFORMATION_CLASS
207#undef OBJECT_INFORMATION_CLASS
208#undef ObjectBasicInformation
209#undef ObjectTypeInformation
210#undef _PEB
211#undef PEB
212#undef PPEB
213#undef _TEB
214#undef TEB
215#undef PTEB
216#undef _PEB_LDR_DATA
217#undef PEB_LDR_DATA
218#undef PPEB_LDR_DATA
219#undef _KUSER_SHARED_DATA
220#undef KUSER_SHARED_DATA
221#undef PKUSER_SHARED_DATA
222
223
224#include <iprt/types.h>
225#include <iprt/assert.h>
226
227
228/** @name Useful macros
229 * @{ */
230/** Indicates that we're targeting native NT in the current source. */
231#define RTNT_USE_NATIVE_NT 1
232/** Initializes an IO_STATUS_BLOCK with a failure status and a marker Information value (~42), presumably so a block no call has written yet never reads as success. */
233#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
234/** Reinitializes an IO_STATUS_BLOCK to the same failure status and marker value as RTNT_IO_STATUS_BLOCK_INITIALIZER, e.g. before reusing it for another call. */
235#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
236 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
237/** Similar to INVALID_HANDLE_VALUE in the Windows environment: all bits set. This is the same bit pattern as the NtCurrentProcess() pseudo handle defined below, so check a handle against this value before handing it to an API that accepts process handles. */
238#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
239/** Constant UNICODE_STRING initializer. a_String must be a wide string literal or WCHAR array: both lengths come from sizeof (the first without the terminator, the second with it), so a pointer argument yields the pointer size instead. The cast drops const and the argument is not parenthesized. */
240#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
241/** @} */
242
243
244/** @name IPRT helper functions for NT
245 * @{ */
246RT_C_DECLS_BEGIN
247
248RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
249 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
250 PHANDLE phHandle, PULONG_PTR puDisposition); /* NOTE(review): undocumented here; the names suggest the handle comes back via phHandle and the disposition via puDisposition - confirm against the implementation. */
251RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
252 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir); /* NOTE(review): undocumented here; pfObjDir presumably reports whether an object directory was opened - confirm. */
253RTDECL(int) RTNtPathClose(HANDLE hHandle); /* NOTE(review): undocumented here; presumably closes a handle returned by the two functions above - confirm. */
254
255/**
256 * Converts a windows-style path to NT format and encoding.
257 *
258 * @returns IPRT status code.
259 * @param pNtName Where to return the NT name. Free using
260 * RTNtPathFree.
261 * @param phRootDir Where to return the root handle, if applicable.
262 * @param pszPath The UTF-8 path.
263 */
264RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
265
266/**
267 * Converts a UTF-16 windows-style path to NT format.
268 *
269 * @returns IPRT status code.
270 * @param pNtName Where to return the NT name. Free using
271 * RTNtPathFree.
272 * @param phRootDir Where to return the root handle, if applicable.
273 * @param pwszPath The UTF-16 windows-style path.
274 * @param cwcPath The max length of the windows-style path in
275 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
276 * pwszPath is correctly terminated.
277 */
278RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
279
280/**
281 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
282 * chars plus a terminator.
283 *
284 * The NT string must have been returned by RTNtPathFromWinUtf8 or
285 * RTNtPathFromWinUtf16Ex.
286 *
287 * @returns IPRT status code.
288 * @param pNtName The NT path string.
289 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
290 * @sa RTNtPathFree
291 */
292RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
293
294/**
295 * Frees the native path and root handle.
296 *
297 * @param pNtName The NT path from a successful call to
298 * RTNtPathFromWinUtf8 or RTNtPathFromWinUtf16Ex.
299 * @param phRootDir The root handle variable from the same call.
300 */
301RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
302
303
304/**
305 * Checks whether the path could be containing alternative 8.3 names generated
306 * by NTFS, FAT, or other similar file systems.
307 *
308 * @returns Pointer to the first component that might be an 8.3 name, NULL if
309 * not 8.3 path.
310 * @param pwszPath The path to check.
311 *
312 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
313 * however, non-tilde 8.3 aliases are probably rare enough to not be
314 * worth all the extra code necessary to open each path component and
315 * check if we've got the short name or not.
316 */
317RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
318
319/**
320 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
321 * components.
322 *
323 * The path is fixed up in place. Errors are ignored.
324 *
325 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
326 * indicating the nature of last problem we ran into.
327 *
328 * @param pUniStr The path to fix up. MaximumLength is the max buffer
329 * length.
330 * @param fPathOnly Whether to only process the path and leave the filename
331 * as passed in.
332 */
333RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
334
335
336RT_C_DECLS_END
337/** @} */
338
339
340/** @name NT API declarations.
341 * @{ */
342RT_C_DECLS_BEGIN
343
344/** @name Process access rights missing in ntddk headers
345 * @{ */
346#ifndef PROCESS_TERMINATE /* Every #ifndef in this group is a fallback: a value already supplied by the included headers wins. */
347# define PROCESS_TERMINATE UINT32_C(0x00000001)
348#endif
349#ifndef PROCESS_CREATE_THREAD
350# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
351#endif
352#ifndef PROCESS_SET_SESSIONID
353# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
354#endif
355#ifndef PROCESS_VM_OPERATION
356# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
357#endif
358#ifndef PROCESS_VM_READ
359# define PROCESS_VM_READ UINT32_C(0x00000010)
360#endif
361#ifndef PROCESS_VM_WRITE
362# define PROCESS_VM_WRITE UINT32_C(0x00000020)
363#endif
364#ifndef PROCESS_DUP_HANDLE
365# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
366#endif
367#ifndef PROCESS_CREATE_PROCESS
368# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
369#endif
370#ifndef PROCESS_SET_QUOTA
371# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
372#endif
373#ifndef PROCESS_SET_INFORMATION
374# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
375#endif
376#ifndef PROCESS_QUERY_INFORMATION
377# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
378#endif
379#ifndef PROCESS_SUSPEND_RESUME
380# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
381#endif
382#ifndef PROCESS_QUERY_LIMITED_INFORMATION
383# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
384#endif
385#ifndef PROCESS_SET_LIMITED_INFORMATION
386# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
387#endif
388#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000) /**< Bit 0x4000; its meaning is not documented here. Defined unconditionally, unlike the rights above. */
389#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000) /**< NOTE(review): the name says 6000 but the value is bit 0x8000 (compare THREAD_UNKNOWN_8000 below) - confirm which was intended. */
390#ifndef PROCESS_ALL_ACCESS
391# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) ) /**< All sixteen object-specific bits, the two UNKNOWN ones included; callers that need only a few rights should request those instead. */
392#endif
393/** @} */
394
395/** @name Thread access rights missing in ntddk headers
396 * @{ */
397#ifndef THREAD_QUERY_INFORMATION /* Fallbacks only: each right is defined here when the included headers did not supply it. The list is partial (bits 0x40-0x200 and 0x1000). */
398# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
399#endif
400#ifndef THREAD_SET_THREAD_TOKEN
401# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
402#endif
403#ifndef THREAD_IMPERSONATE
404# define THREAD_IMPERSONATE UINT32_C(0x00000100)
405#endif
406#ifndef THREAD_DIRECT_IMPERSONATION
407# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
408#endif
409#ifndef THREAD_RESUME
410# define THREAD_RESUME UINT32_C(0x00001000)
411#endif
412#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000) /**< Bit 0x2000; meaning not documented here. */
413#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000) /**< Bit 0x4000; meaning not documented here. */
414#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000) /**< Bit 0x8000; meaning not documented here. */
415/** @} */
416
417/** @name Special handle values.
418 * @{ */
419#ifndef NtCurrentProcess
420# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 ) /**< Pseudo handle for the calling process. Same bit pattern as RTNT_INVALID_HANDLE_VALUE, so a handle variable left at that value after a failed open is indistinguishable from this one. */
421#endif
422#ifndef NtCurrentThread
423# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 ) /**< Pseudo handle for the calling thread. */
424#endif
425#ifndef ZwCurrentProcess
426# define ZwCurrentProcess() NtCurrentProcess() /**< Zw-prefixed alias of NtCurrentProcess(). */
427#endif
428#ifndef ZwCurrentThread
429# define ZwCurrentThread() NtCurrentThread() /**< Zw-prefixed alias of NtCurrentThread(). */
430#endif
431/** @} */
432
433
434/** @name Directory object access rights.
435 * @{ */
436#ifndef DIRECTORY_QUERY /* Fallbacks only: each right is defined here when the included headers did not supply it. */
437# define DIRECTORY_QUERY UINT32_C(0x00000001)
438#endif
439#ifndef DIRECTORY_TRAVERSE
440# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
441#endif
442#ifndef DIRECTORY_CREATE_OBJECT
443# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
444#endif
445#ifndef DIRECTORY_CREATE_SUBDIRECTORY
446# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
447#endif
448#ifndef DIRECTORY_ALL_ACCESS
449# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) ) /**< The four directory rights above plus STANDARD_RIGHTS_REQUIRED. */
450#endif
451/** @} */
452
453
454
455#ifdef IPRT_NT_USE_WINTERNL /* Declared here for the winternl.h case only; NOTE(review): the ntifs.h/wdm.h branch presumably gets it from the DDK headers - confirm. */
456typedef struct _CLIENT_ID
457{
458 HANDLE UniqueProcess; /**< NOTE(review): presumably the process id carried in a HANDLE-sized field, not an openable handle - confirm. */
459 HANDLE UniqueThread; /**< NOTE(review): presumably the thread id, stored the same way - confirm. */
460} CLIENT_ID;
461typedef CLIENT_ID *PCLIENT_ID;
462#endif
463
464/** Extended affinity type, introduced in Windows 7 (?). The bitmap is declared with a fixed 20 entries here. */
465typedef struct _KAFFINITY_EX
466{
467 /** Count of valid bitmap entries. Bound it by the declared array size (20) before using it as an index limit on a structure filled in elsewhere. */
468 uint16_t Count;
469 /** Count of allocated bitmap entries. NOTE(review): may not match the 20 entries declared here if the producer uses a different layout - confirm. */
470 uint16_t Size;
471 /** Reserved / alignment padding. */
472 uint32_t Reserved;
473 /** Bitmap where one bit corresponds to a CPU; each entry is pointer sized, so the number of bits per entry follows the architecture. */
474 uintptr_t Bitmap[20];
475} KAFFINITY_EX;
476typedef KAFFINITY_EX *PKAFFINITY_EX;
477typedef KAFFINITY_EX const *PCKAFFINITY_EX;
478
479/** @name User Shared Data
480 * @{ */
481
482#ifdef IPRT_NT_USE_WINTERNL /* Types used by KUSER_SHARED_DATA below, declared here for the winternl.h case only. */
483typedef struct _KSYSTEM_TIME
484{
485 ULONG LowPart; /**< Low 32 bits of the value. */
486 LONG High1Time; /**< High part, first copy. */
487 LONG High2Time; /**< High part, second copy. NOTE(review): presumably a reader retries until both copies match to get a consistent value - confirm. */
488} KSYSTEM_TIME;
489typedef KSYSTEM_TIME *PKSYSTEM_TIME;
490
491typedef enum _NT_PRODUCT_TYPE
492{
493 NtProductWinNt = 1, /**< Numbering starts at 1; the two enumerators below therefore get 2 and 3. */
494 NtProductLanManNt,
495 NtProductServer
496} NT_PRODUCT_TYPE;
497
498#define PROCESSOR_FEATURE_MAX 64 /**< Sizes the ProcessorFeatures array in KUSER_SHARED_DATA below. */
499
500typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
501{
502 StandardDesign = 0,
503 NEC98x86,
504 EndAlternatives /**< Last enumerator; NOTE(review): presumably an end marker rather than a real architecture - confirm. */
505} ALTERNATIVE_ARCHITECTURE_TYPE;
506
507# if 0 /* Disabled section: KUSER_SHARED_DATA below still uses XSTATE_CONFIGURATION, so the type presumably comes from the SDK headers - confirm. */
508typedef struct _XSTATE_FEATURE
509{
510 ULONG Offset;
511 ULONG Size;
512} XSTATE_FEATURE;
513typedef XSTATE_FEATURE *PXSTATE_FEATURE;
514
515#define MAXIMUM_XSTATE_FEATURES 64
516
517typedef struct _XSTATE_CONFIGURATION
518{
519 ULONG64 EnabledFeatures;
520 ULONG Size;
521 ULONG OptimizedSave : 1;
522 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
523} XSTATE_CONFIGURATION;
524typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
525# endif
526#endif /* IPRT_NT_USE_WINTERNL */
527
528typedef struct _KUSER_SHARED_DATA /* IPRT's own declaration of the kernel/user shared data layout. The hex value after each member is its byte offset; the AssertCompileMemberOffset lines after the struct check a sample of them. */
529{
530 ULONG TickCountLowDeprecated; /**< 0x000 */
531 ULONG TickCountMultiplier; /**< 0x004 */
532 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 - declared volatile: the value may change between two reads. */
533 KSYSTEM_TIME volatile SystemTime; /**< 0x014 - declared volatile, see InterruptTime. */
534 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 - declared volatile, see InterruptTime. */
535 USHORT ImageNumberLow; /**< 0x02c */
536 USHORT ImageNumberHigh; /**< 0x02e */
537 WCHAR NtSystemRoot[260]; /**< 0x030 - fixed buffer of 260 WCHARs. */
538 ULONG MaxStackTraceDepth; /**< 0x238 */
539 ULONG CryptoExponent; /**< 0x23c */
540 ULONG TimeZoneId; /**< 0x240 */
541 ULONG LargePageMinimum; /**< 0x244 */
542 ULONG AitSamplingValue; /**< 0x248 */
543 ULONG AppCompatFlag; /**< 0x24c */
544 ULONGLONG RNGSeedVersion; /**< 0x250 */
545 ULONG GlobalValidationRunlevel; /**< 0x258 */
546 LONG volatile TimeZoneBiasStamp; /**< 0x25c */
547 ULONG Reserved2; /**< 0x260 */
548 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
549 BOOLEAN ProductTypeIsValid; /**< 0x268 */
550 BOOLEAN Reserved0[1]; /**< 0x269 */
551 USHORT NativeProcessorArchitecture; /**< 0x26a */
552 ULONG NtMajorVersion; /**< 0x26c */
553 ULONG NtMinorVersion; /**< 0x270 */
554 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 - one BOOLEAN per feature, PROCESSOR_FEATURE_MAX entries. */
555 ULONG Reserved1; /**< 0x2b4 */
556 ULONG Reserved3; /**< 0x2b8 */
557 ULONG volatile TimeSlip; /**< 0x2bc */
558 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
559 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
560 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
561 ULONG SuiteMask; /**< 0x2d0 */
562 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
563 union /**< 0x2d5 - the byte as a whole or as the 2-bit policy fields below. */
564 {
565 UCHAR MitigationPolicies; /**< 0x2d5 */
566 struct
567 {
568 UCHAR NXSupportPolicy : 2;
569 UCHAR SEHValidationPolicy : 2;
570 UCHAR CurDirDevicesSkippedForDlls : 2;
571 UCHAR Reserved : 2;
572 };
573 };
574 UCHAR Reserved6[2]; /**< 0x2d6 */
575 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
576 ULONG volatile DismountCount; /**< 0x2dc */
577 ULONG ComPlusPackage; /**< 0x2e0 */
578 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
579 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
580 BOOLEAN SafeBootMode; /**< 0x2ec */
581 UCHAR Reserved12[3]; /**< 0x2ed */
582 union /**< 0x2f0 - the flags word as a whole or as the single-bit fields below. */
583 {
584 ULONG SharedDataFlags; /**< 0x2f0 */
585 struct
586 {
587 ULONG DbgErrorPortPresent : 1;
588 ULONG DbgElevationEnabled : 1;
589 ULONG DbgVirtEnabled : 1;
590 ULONG DbgInstallerDetectEnabled : 1;
591 ULONG DbgLkgEnabled : 1;
592 ULONG DbgDynProcessorEnabled : 1;
593 ULONG DbgConsoleBrokerEnabled : 1;
594 ULONG DbgSecureBootEnabled : 1;
595 ULONG SpareBits : 24;
596 };
597 };
598 ULONG DataFlagsPad[1]; /**< 0x2f4 */
599 ULONGLONG TestRetInstruction; /**< 0x2f8 */
600 LONGLONG QpcFrequency; /**< 0x300 */
601 ULONGLONG SystemCallPad[3]; /**< 0x308 */
602 union /**< 0x320 - three views of the same 16 bytes. */
603 {
604 ULONG64 volatile TickCountQuad; /**< 0x320 */
605 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
606 struct /**< 0x320 */
607 {
608 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
609 ULONG TickCountPad[1]; /**< 0x32c */
610 };
611 };
612 ULONG Cookie; /**< 0x330 */
613 ULONG CookiePad[1]; /**< 0x334 */
614 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
615 ULONGLONG TimeUpdateLock; /**< 0x340 */
616 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
617 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
618 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
619 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
620 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
621 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
622 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
623 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
624 UCHAR Reserved8[14]; /**< 0x372 */
625 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
626 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
627 ULONG LangGenerationCount; /**< 0x3a4 */
628 ULONGLONG Reserved4; /**< 0x3a8 */
629 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 */
630 ULONGLONG volatile QpcBias; /**< 0x3b8 */
631 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
632 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
633 UCHAR Reserved9; /**< 0x3c5 */
634 union /**< 0x3c6 */
635 {
636 USHORT QpcData; /**< 0x3c6 */
637 struct /**< 0x3c6 */
638 {
639 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
640 UCHAR QpcShift; /**< 0x3c7 */
641 };
642 };
643 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
644 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
645 XSTATE_CONFIGURATION XState; /**< 0x3d8 - NOTE(review): the only XSTATE_CONFIGURATION definition visible in this header sits in a disabled section; presumably the SDK/DDK headers provide it - confirm. */
646} KUSER_SHARED_DATA;
647typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
648AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008); /* Layout checks: each line pins one member to the offset noted in the struct, sampling the layout from start to end. */
649AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
650AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
651AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
652AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
653AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
654AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
655AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
656AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
657/** @def MM_SHARED_USER_DATA_VA
658 * Read only userland mapping of KUSER_SHARED_DATA. The address is the same constant for 32-bit and 64-bit builds; only the width of the literal differs. Defined here only when the headers did not supply it. */
659#ifndef MM_SHARED_USER_DATA_VA
660# if ARCH_BITS == 32
661# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
662# elif ARCH_BITS == 64
663# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
664# else
665# error "Unsupported/undefined ARCH_BITS value."
666# endif
667#endif
668/** @def KI_USER_SHARED_DATA
669 * Read write kernel mapping of KUSER_SHARED_DATA. One fixed address each for x86 and AMD64; any other architecture stops the build at the #error below. */
670#ifndef KI_USER_SHARED_DATA
671# ifdef RT_ARCH_X86
672# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
673# elif defined(RT_ARCH_AMD64)
674# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
675# else
676# error "PORT ME - KI_USER_SHARED_DATA"
677# endif
678#endif
679/** @} */
680
681
682/** @name Process And Thread Environment Blocks
683 * @{ */
684
685typedef struct _PEB_LDR_DATA /* Loader data reached through the Ldr member of PEB_COMMON below; IPRT's own declaration, the SDK one being renamed to an Incomplete_ alias during the includes. */
686{
687 uint32_t Length; /**< NOTE(review): presumably the size of this structure as filled in by the system, which would tell the NT4 layout from the longer one - confirm. */
688 BOOLEAN Initialized;
689 BOOLEAN Padding[3];
690 HANDLE SsHandle;
691 LIST_ENTRY InLoadOrderModuleList; /**< List head; per the names, the three lists order the loaded modules by load, memory and initialization order. */
692 LIST_ENTRY InMemoryOrderModuleList; /**< NOTE(review): these lists live in the process's own address space, so tooling inspecting a process should not treat them as a tamper-proof module inventory. */
693 LIST_ENTRY InInitializationOrderModuleList;
694 /* End NT4 - the members below are not part of the NT4 layout, so code that has to run there cannot rely on them. */
695 LIST_ENTRY *EntryInProgress;
696 BOOLEAN ShutdownInProgress;
697 HANDLE ShutdownThreadId;
698} PEB_LDR_DATA;
699typedef PEB_LDR_DATA *PPEB_LDR_DATA;
700
701typedef struct _PEB_COMMON
702{
703 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
704 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
705 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
706 union
707 {
708 uint8_t BitField; /**< 0x003 / 0x003 */
709 struct
710 {
711 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
712 } Common;
713 struct
714 {
715 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
716 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
717 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
718 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
719 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
720 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
721 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
722 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
723 } W81;
724 struct
725 {
726 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
727 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
728 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
729 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
730 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
731 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
732 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
733 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
734 } W80;
735 struct
736 {
737 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
738 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
739 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
740 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
741 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
742 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
743 } W7;
744 struct
745 {
746 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
747 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
748 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
749 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
750 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
751 } W6;
752 struct
753 {
754 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
755 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
756 } W52;
757 struct
758 {
759 BOOLEAN SpareBool;
760 } W51;
761 } Diff0;
762#if ARCH_BITS == 64
763 uint32_t Padding0; /**< 0x004 / NA */
764#endif
765 HANDLE Mutant; /**< 0x008 / 0x004 */
766 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
767 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
768 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
769 PVOID SubSystemData; /**< 0x028 / 0x014 */
770 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
771 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
772 union
773 {
774 struct
775 {
776 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
777 PVOID IFEOKey; /**< 0x048 / 0x024 */
778 union
779 {
780 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
781 struct
782 {
783 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
784 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
785 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
786 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
787 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
788 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
789 } W7, W8, W80, W81;
790 struct
791 {
792 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
793 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
794 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
795 } W6;
796 };
797#if ARCH_BITS == 64
798 uint32_t Padding1; /**< 0x054 / */
799#endif
800 } W6, W7, W8, W80, W81;
801 struct
802 {
803 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
804 PVOID SparePtr2; /**< 0x048 / 0x024 */
805 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
806#if ARCH_BITS == 64
807 uint32_t Padding1; /**< 0x054 / */
808#endif
809 } W52;
810 struct
811 {
812 PVOID FastPebLockRoutine; /**< NA / 0x020 */
813 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
814 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
815 } W51;
816 } Diff1;
817 union
818 {
819 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
820 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
821 };
822 uint32_t SystemReserved; /**< 0x060 / 0x030 */
823 union
824 {
825 struct
826 {
827 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
828 } W7, W8, W80, W81;
829 struct
830 {
831 uint32_t SpareUlong; /**< 0x064 / 0x034 */
832 } W52, W6;
833 struct
834 {
835 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
836 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
837 } W51;
838 } Diff2;
839 union
840 {
841 struct
842 {
843 PVOID ApiSetMap; /**< 0x068 / 0x038 */
844 } W7, W8, W80, W81;
845 struct
846 {
847 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
848 } W52, W6;
849 struct
850 {
851 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
852 } W51;
853 } Diff3;
854 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
855#if ARCH_BITS == 64
856 uint32_t Padding2; /**< 0x074 / NA */
857#endif
858 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
859 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
860 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
861 union
862 {
863 struct
864 {
865 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
866 } W81;
867 struct
868 {
869 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
870 } W6, W7, W80;
871 struct
872 {
873 PVOID ReadOnlySharedMemoryHeap;
874 } W52;
875 } Diff4;
876 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
877 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
878 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
879 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
880 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
881 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
882 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
883 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
884 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
885 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
886 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
887 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
888 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
889 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
890 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
891 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
892 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
893#if ARCH_BITS == 64
894 uint32_t Padding3; /**< 0x10c / NA */
895#endif
896 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
897 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
898 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
899 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
900 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
901 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
902 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
903 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
904 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
905#if ARCH_BITS == 64
906 uint32_t Padding4; /**< 0x134 / NA */
907#endif
908 union
909 {
910 struct
911 {
912 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
913 } W7, W8, W80, W81;
914 struct
915 {
916 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
917 } W52, W6;
918 } Diff5;
919 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
920 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
921 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
922 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
923 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
924#if ARCH_BITS == 64
925 uint32_t Padding5; /**< 0x2c4 / NA */
926#endif
927 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
928 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
929 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
930 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
931 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
932 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
933 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
934 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
935 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
936 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
937 /* End of PEB in W52 (Windows XP (RTM))! */
938 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
939 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
940 PVOID FlsBitmap; /**< 0x338 / 0x218 */
941 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
942 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
943 /* End of PEB in W52 (Windows Server 2003)! */
944 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
945 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
946 /* End of PEB in W6 (windows Vista)! */
947 union
948 {
949 struct
950 {
951 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
952 } W8, W80, W81;
953 struct
954 {
955 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
956 } W7;
957 } Diff6;
958 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
959 union
960 {
961 uint32_t TracingFlags; /**< 0x378 / 0x240 */
962 struct
963 {
964 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
965 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
966 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
967 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
968 } W8, W80, W81;
969 struct
970 {
971 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
972 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
973 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
974 } W7;
975 } Diff7;
976#if ARCH_BITS == 64
977 uint32_t Padding6; /**< 0x37c / NA */
978#endif
979 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
980} PEB_COMMON;
981typedef PEB_COMMON *PPEB_COMMON;
982
/*
 * Compile-time layout checks for PEB_COMMON.  Each line pins one member
 * offset (64-bit value first, 32-bit value second) and the last one pins the
 * total structure size, so an edit that shifts the layout is caught when
 * building rather than showing up as a read of the wrong PEB field.
 */
AssertCompileMemberOffset(PEB_COMMON, ProcessHeap,    ARCH_BITS == 64 ?  0x30 :  0x18);
AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ?  0x60 :  0x30);
AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter,   ARCH_BITS == 64 ?  0x70 :  0x3c);
AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag,   ARCH_BITS == 64 ?  0xbc :  0x68);
AssertCompileMemberOffset(PEB_COMMON, LoaderLock,     ARCH_BITS == 64 ? 0x110 :  0xa0);
AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 :  0xc0);
AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine,    ARCH_BITS == 64 ? 0x230 : 0x14c);
AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
992
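/*
 * Per-version PEB sizes.  Each size is the offset of the first member that
 * the given Windows version does NOT have, matching the "End of PEB in ..."
 * markers inside PEB_COMMON.  Code that reads, copies or validates a PEB
 * should use the constant for the running version so it neither stops short
 * nor touches members that do not exist there.
 */
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81    sizeof(PEB_COMMON)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80    sizeof(PEB_COMMON)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7     RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * The Vista layout ends after WerShipAssertPtr, i.e. where Diff6 starts
 * (0x368 / 0x238).  This previously named Diff3 (0x068 / 0x038), which cut
 * the size off far before the end-of-PEB marker for W6. */
#define PEB_SIZE_W6     RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52    RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51    RT_UOFFSETOF(PEB_COMMON, FlsCallback)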
1005
/*
 * Disabled local copy of NT_TIB, kept for reference only.  TEB_COMMON below
 * still uses the NT_TIB type, so the definition must come from another
 * header (presumably the Windows SDK/DDK ones - TODO confirm).
 */
#if 0
typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union
    {
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;   /* Read by RTNtCurrentTeb() via the FS/GS segment. */
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#endif
1023
/**
 * Activation context stack.
 *
 * Referenced from TEB_COMMON::Diff0: by pointer in the W52 and later
 * layouts, and embedded by value in the 32-bit W51 layout.
 */
typedef struct _ACTIVATION_CONTEXT_STACK
{
    uint32_t    Flags;
    uint32_t    NextCookieSequenceNumber;
    PVOID       ActiveFrame;
    LIST_ENTRY  FrameListCache;
} ACTIVATION_CONTEXT_STACK;
1031
/**
 * Common TEB.
 *
 * One structure covering the thread environment block layouts of the Windows
 * versions tagged W51 (XP), W52 (Server 2003), W6 (Vista), W7, W8/W80 (8.0)
 * and W81 (8.1).  Members that differ between versions are overlaid in the
 * DiffN unions, one struct per version group.
 *
 * The trailing comments give each member's offset as "64-bit / 32-bit"; NA
 * marks a member that does not exist for that architecture.  The
 * "End of TEB in ..." markers show where the older layouts stop: members past
 * a marker are not part of that version's TEB and must not be accessed there
 * (see the TEB_SIZE_* defines).
 */
typedef struct _TEB_COMMON
{
    NT_TIB      NtTib;                          /**< 0x000 / 0x000 */
    PVOID       EnvironmentPointer;             /**< 0x038 / 0x01c */
    CLIENT_ID   ClientId;                       /**< 0x040 / 0x020 */
    PVOID       ActiveRpcHandle;                /**< 0x050 / 0x028 */
    PVOID       ThreadLocalStoragePointer;      /**< 0x058 / 0x02c */
    PPEB_COMMON ProcessEnvironmentBlock;        /**< 0x060 / 0x030 */
    uint32_t    LastErrorValue;                 /**< 0x068 / 0x034 */
    uint32_t    CountOfOwnedCriticalSections;   /**< 0x06c / 0x038 */
    PVOID       CsrClientThread;                /**< 0x070 / 0x03c */
    PVOID       Win32ThreadInfo;                /**< 0x078 / 0x040 */
    uint32_t    User32Reserved[26];             /**< 0x080 / 0x044 */
    uint32_t    UserReserved[5];                /**< 0x0e8 / 0x0ac */
    PVOID       WOW32Reserved;                  /**< 0x100 / 0x0c0 */
    uint32_t    CurrentLocale;                  /**< 0x108 / 0x0c4 */
    uint32_t    FpSoftwareStatusRegister;       /**< 0x10c / 0x0c8 */
    PVOID       SystemReserved1[54];            /**< 0x110 / 0x0cc */
    uint32_t    ExceptionCode;                  /**< 0x2c0 / 0x1a4 */
#if ARCH_BITS == 64
    uint32_t    Padding0;                       /**< 0x2c4 / NA */
#endif
    union
    {
        struct
        {
            struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
            uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36];  /**< 0x2d0 / 0x1ac */
        } W52, W6, W7, W8, W80, W81;
#if ARCH_BITS == 32
        struct
        {
            ACTIVATION_CONTEXT_STACK ActivationContextStack;    /**< NA / 0x1a8 */
            uint8_t SpareBytes[20];                             /**< NA / 0x1bc */
        } W51;
#endif
    } Diff0;
    union
    {
        struct
        {
            uint32_t TxFsContext;               /**< 0x2e8 / 0x1d0 */
        } W6, W7, W8, W80, W81;
        struct
        {
            uint32_t SpareBytesContinues;       /**< 0x2e8 / 0x1d0 */
        } W52;
    } Diff1;
#if ARCH_BITS == 64
    uint32_t    Padding1;                       /**< 0x2ec / NA */
#endif
    /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
    CLIENT_ID   RealClientId;                   /**< 0x7d8 / 0x6b4 */
    HANDLE      GdiCachedProcessHandle;         /**< 0x7e8 / 0x6bc */
    uint32_t    GdiClientPID;                   /**< 0x7f0 / 0x6c0 */
    uint32_t    GdiClientTID;                   /**< 0x7f4 / 0x6c4 */
    PVOID       GdiThreadLocalInfo;             /**< 0x7f8 / 0x6c8 */
    SIZE_T      Win32ClientInfo[62];            /**< 0x800 / 0x6cc */
    PVOID       glDispatchTable[233];           /**< 0x9f0 / 0x7c4 */
    SIZE_T      glReserved1[29];                /**< 0x1138 / 0xb68 */
    PVOID       glReserved2;                    /**< 0x1220 / 0xbdc */
    PVOID       glSectionInfo;                  /**< 0x1228 / 0xbe0 */
    PVOID       glSection;                      /**< 0x1230 / 0xbe4 */
    PVOID       glTable;                        /**< 0x1238 / 0xbe8 */
    PVOID       glCurrentRC;                    /**< 0x1240 / 0xbec */
    PVOID       glContext;                      /**< 0x1248 / 0xbf0 */
    NTSTATUS    LastStatusValue;                /**< 0x1250 / 0xbf4 */
#if ARCH_BITS == 64
    uint32_t    Padding2;                       /**< 0x1254 / NA */
#endif
    UNICODE_STRING StaticUnicodeString;         /**< 0x1258 / 0xbf8 */
    WCHAR       StaticUnicodeBuffer[261];       /**< 0x1268 / 0xc00 */
#if ARCH_BITS == 64
    WCHAR       Padding3[3];                    /**< 0x1472 / NA */
#endif
    PVOID       DeallocationStack;              /**< 0x1478 / 0xe0c */
    PVOID       TlsSlots[64];                   /**< 0x1480 / 0xe10 */
    LIST_ENTRY  TlsLinks;                       /**< 0x1680 / 0xf10 */
    PVOID       Vdm;                            /**< 0x1690 / 0xf18 */
    PVOID       ReservedForNtRpc;               /**< 0x1698 / 0xf1c */
    PVOID       DbgSsReserved[2];               /**< 0x16a0 / 0xf20 */
    uint32_t    HardErrorMode;                  /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
#if ARCH_BITS == 64
    uint32_t    Padding4;                       /**< 0x16b4 / NA */
#endif
    PVOID       Instrumentation[ARCH_BITS == 64 ? 11 : 9];  /**< 0x16b8 / 0xf2c */
    union
    {
        struct
        {
            GUID    ActivityId;                 /**< 0x1710 / 0xf50 */
            PVOID   SubProcessTag;              /**< 0x1720 / 0xf60 */
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID   InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5];  /**< 0x1710 / 0xf50 */
        } W52;
    } Diff2;
    union                                       /**< 0x1728 / 0xf64 */
    {
        struct
        {
            PVOID   PerflibData;                /**< 0x1728 / 0xf64 */
        } W8, W80, W81;
        struct
        {
            PVOID   EtwLocalData;               /**< 0x1728 / 0xf64 */
        } W7, W6;
        struct
        {
            PVOID   SubProcessTag;              /**< 0x1728 / 0xf64 */
        } W52;
        struct
        {
            PVOID   InstrumentationContinues[1];    /**< 0x1728 / 0xf64 */
        } W51;
    } Diff3;
    union
    {
        struct
        {
            PVOID   EtwTraceData;               /**< 0x1730 / 0xf68 */
        } W52, W6, W7, W8, W80, W81;
        struct
        {
            PVOID   InstrumentationContinues[1];    /**< 0x1730 / 0xf68 */
        } W51;
    } Diff4;
    PVOID       WinSockData;                    /**< 0x1738 / 0xf6c */
    uint32_t    GdiBatchCount;                  /**< 0x1740 / 0xf70 */
    union
    {
        union
        {
            PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
            uint32_t IdealProcessorValue;       /**< 0x1744 / 0xf74 - W7+ */
            struct
            {
                uint8_t ReservedPad1;           /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
                uint8_t ReservedPad2;           /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
                uint8_t ReservedPad3;           /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
                uint8_t IdealProcessor;         /**< 0x1747 / 0xf77 */
            };
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN InDbgPrint;                 /**< 0x1744 / 0xf74 */
            BOOLEAN FreeStackOnTermination;     /**< 0x1745 / 0xf75 */
            BOOLEAN HasFiberData;               /**< 0x1746 / 0xf76 */
            uint8_t IdealProcessor;             /**< 0x1747 / 0xf77 */
        } W51, W52;
    } Diff5;
    uint32_t    GuaranteedStackBytes;           /**< 0x1748 / 0xf78 */
#if ARCH_BITS == 64
    uint32_t    Padding5;                       /**< 0x174c / NA */
#endif
    PVOID       ReservedForPerf;                /**< 0x1750 / 0xf7c */
    PVOID       ReservedForOle;                 /**< 0x1758 / 0xf80 */
    uint32_t    WaitingOnLoaderLock;            /**< 0x1760 / 0xf84 */
#if ARCH_BITS == 64
    uint32_t    Padding6;                       /**< 0x1764 / NA */
#endif
    union                                       /**< 0x1768 / 0xf88 */
    {
        struct
        {
            PVOID   SavedPriorityState;         /**< 0x1768 / 0xf88 */
            SIZE_T  ReservedForCodeCoverage;    /**< 0x1770 / 0xf8c */
            PVOID   ThreadPoolData;             /**< 0x1778 / 0xf90 */
        } W8, W80, W81;
        struct
        {
            PVOID   SavedPriorityState;         /**< 0x1768 / 0xf88 */
            SIZE_T  SoftPatchPtr1;              /**< 0x1770 / 0xf8c */
            PVOID   ThreadPoolData;             /**< 0x1778 / 0xf90 */
        } W6, W7;
        struct
        {
            PVOID   SparePointer1;              /**< 0x1768 / 0xf88 */
            SIZE_T  SoftPatchPtr1;              /**< 0x1770 / 0xf8c */
            PVOID   SoftPatchPtr2;              /**< 0x1778 / 0xf90 */
        } W52;
#if ARCH_BITS == 32
        struct _Wx86ThreadState
        {
            PVOID   CallBx86Eip;                /**< NA / 0xf88 */
            PVOID   DeallocationCpu;            /**< NA / 0xf8c */
            BOOLEAN UseKnownWx86Dll;            /**< NA / 0xf90 */
            int8_t  OleStubInvoked;             /**< NA / 0xf91 */
        } W51;
#endif
    } Diff6;
    PVOID       TlsExpansionSlots;              /**< 0x1780 / 0xf94 */
#if ARCH_BITS == 64
    PVOID       DallocationBStore;              /**< 0x1788 / NA */
    PVOID       BStoreLimit;                    /**< 0x1790 / NA */
#endif
    union
    {
        struct
        {
            uint32_t MuiGeneration;             /**< 0x1798 / 0xf98 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ImpersonationLocale;       /**< 0x1798 / 0xf98 */
        } W6;
    } Diff7;
    uint32_t    IsImpersonating;                /**< 0x179c / 0xf9c */
    PVOID       NlsCache;                       /**< 0x17a0 / 0xfa0 */
    PVOID       pShimData;                      /**< 0x17a8 / 0xfa4 */
    union                                       /**< 0x17b0 / 0xfa8 */
    {
        struct
        {
            uint16_t HeapVirtualAffinity;       /**< 0x17b0 / 0xfa8 */
            uint16_t LowFragHeapDataSlot;       /**< 0x17b2 / 0xfaa */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapVirtualAffinity;       /**< 0x17b0 / 0xfa8 */
        } W7;
    } Diff8;
#if ARCH_BITS == 64
    uint32_t    Padding7;                       /**< 0x17b4 / NA */
#endif
    HANDLE      CurrentTransactionHandle;       /**< 0x17b8 / 0xfac */
    struct _TEB_ACTIVE_FRAME *ActiveFrame;      /**< 0x17c0 / 0xfb0 */
    /* End of TEB in W51 (Windows XP)! */
    PVOID       FlsData;                        /**< 0x17c8 / 0xfb4 */
    union
    {
        struct
        {
            PVOID   PreferredLanguages;         /**< 0x17d0 / 0xfb8 */
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN SafeThunkCall;              /**< 0x17d0 / 0xfb8 */
            uint8_t BooleanSpare[3];            /**< 0x17d1 / 0xfb9 */
            /* End of TEB in W52 (Windows server 2003)! */
        } W52;
    } Diff9;
    PVOID       UserPrefLanguages;              /**< 0x17d8 / 0xfbc */
    PVOID       MergedPrefLanguages;            /**< 0x17e0 / 0xfc0 */
    uint32_t    MuiImpersonation;               /**< 0x17e8 / 0xfc4 */
    union
    {
        uint16_t CrossTebFlags;                 /**< 0x17ec / 0xfc8 */
        struct
        {
            uint16_t SpareCrossTebBits : 16;    /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
        };
    };
    union
    {
        uint16_t SameTebFlags;                  /**< 0x17ee / 0xfca */
        /* The eight low bits below have the same meaning in the W7, W8, W80
           and W81 layouts; W6 uses the same positions with Dbg-prefixed names. */
        struct
        {
            uint16_t SafeThunkCall : 1;         /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;          /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;          /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;      /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;   /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;        /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;          /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;      /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
        } Common;
        struct
        {
            uint16_t SafeThunkCall : 1;         /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;          /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;          /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;      /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;   /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;        /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;          /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;      /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;  /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;  /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;         /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SessionAware : 1;          /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
            uint16_t SpareSameTebBits : 4;      /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
        } W8, W80, W81;
        struct
        {
            uint16_t SafeThunkCall : 1;         /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;          /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;          /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;      /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;   /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;        /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;          /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;      /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;  /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;  /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;         /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SpareSameTebBits : 5;      /**< 0x17ee / 0xfca : Pos 11, 5 Bits - No SessionAware bit here. */
        } W7;
        struct
        {
            uint16_t DbgSafeThunkCall : 1;      /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t DbgInDebugPrint : 1;       /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t DbgHasFiberData : 1;       /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t DbgSkipThreadAttach : 1;   /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t DbgRanProcessInit : 1;     /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t DbgClonedThread : 1;       /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t DbgSuppressDebugMsg : 1;   /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t SpareSameTebBits : 8;      /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
        } W6;
    } Diff10;
    PVOID       TxnScopeEnterCallback;          /**< 0x17f0 / 0xfcc */
    PVOID       TxnScopeExitCallback;           /**< 0x17f8 / 0xfd0 */
    PVOID       TxnScopeContext;                /**< 0x1800 / 0xfd4 */
    uint32_t    LockCount;                      /**< 0x1808 / 0xfd8 */
    union
    {
        struct
        {
            uint32_t SpareUlong0;               /**< 0x180c / 0xfdc */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ProcessRundown;            /**< 0x180c / 0xfdc */
        } W6;
    } Diff11;
    union
    {
        struct
        {
            PVOID   ResourceRetValue;           /**< 0x1810 / 0xfe0 */
            /* End of TEB in W7 (windows 7)! */
            PVOID   ReservedForWdf;             /**< 0x1818 / 0xfe4 - New Since W7. */
            /* End of TEB in W8 (windows 8.0 & 8.1)! */
        } W8, W80, W81;
        struct
        {
            PVOID   ResourceRetValue;           /**< 0x1810 / 0xfe0 */
        } W7;
        struct
        {
            uint64_t LastSwitchTime;            /**< 0x1810 / 0xfe0 */
            uint64_t TotalSwitchOutTime;        /**< 0x1818 / 0xfe8 */
            LARGE_INTEGER WaitReasonBitMap;     /**< 0x1820 / 0xff0 */
            /* End of TEB in W6 (windows Vista)! */
        } W6;
    } Diff12;
} TEB_COMMON;
typedef TEB_COMMON *PTEB_COMMON;
/*
 * Compile-time layout checks for TEB_COMMON.  Each line pins one member
 * offset (64-bit value first, 32-bit value second) and the last one pins the
 * total structure size.  The Diff2..Diff4 checks guard the region where the
 * per-version overlays replace the tail of the Instrumentation array.
 */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode,        ARCH_BITS == 64 ?  0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue,      ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack,    ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc,     ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation,      ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2,                ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3,                ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4,                ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData,          ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation,     ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount,            ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1396
1397
/*
 * Per-version TEB sizes, derived from the "End of TEB in ..." markers inside
 * TEB_COMMON: either the offset of the first member the version lacks, or
 * the offset of its last member plus that member's size.
 */
/** The size of the windows 8.1 TEB structure. */
#define TEB_SIZE_W81    ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure. */
#define TEB_SIZE_W80    ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure.
 * ReservedForWdf is the first member past the W7 end, hence no size added. */
#define TEB_SIZE_W7     RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure. */
#define TEB_SIZE_W6     ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure.
 * Rounded up to pointer size since the layout ends inside BooleanSpare. */
#define TEB_SIZE_W52    RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure. */
#define TEB_SIZE_W51    RT_UOFFSETOF(TEB_COMMON, FlsData)
1410
1411
1412
/* Expose the common layouts under the usual PEB / TEB names: the struct tags
   are redirected with defines and the type names with typedefs, so code
   written against PEB, PPEB, TEB and PTEB gets PEB_COMMON / TEB_COMMON. */
#define _PEB            _PEB_COMMON
typedef PEB_COMMON      PEB;
typedef PPEB_COMMON     PPEB;

#define _TEB            _TEB_COMMON
typedef TEB_COMMON      TEB;
typedef PTEB_COMMON     PTEB;
1420
/*
 * Accessors for the calling thread's TEB, the process PEB and the thread ID.
 *
 * Without an NtCurrentTeb macro they are inline functions reading the value
 * straight from the TEB through the thread's segment register (FS on x86,
 * GS on AMD64); otherwise they are macros layered on NtCurrentTeb().
 *
 * NOTE(review): the TEB and PEB are ordinary user-mode memory of the process,
 * so what these return describes the process as it presents itself; confirm
 * that callers making security decisions do not rely on it alone.
 */
#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
# ifdef RT_ARCH_X86
/** Returns the current thread's TEB (NtTib.Self read via FS). */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    PTEB pTeb = (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self));
    return pTeb;
}

/** Returns the current process' PEB (ProcessEnvironmentBlock read via FS). */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    PPEB pPeb = (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
    return pPeb;
}

/** Returns the current thread ID (ClientId.UniqueThread read via FS). */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    uint32_t idThread = __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread));
    return idThread;
}
# elif defined(RT_ARCH_AMD64)
/** Returns the current thread's TEB (NtTib.Self read via GS). */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    PTEB pTeb = (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self));
    return pTeb;
}

/** Returns the current process' PEB (ProcessEnvironmentBlock read via GS). */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    PPEB pPeb = (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
    return pPeb;
}

/** Returns the current thread ID; the 64-bit slot is truncated to 32 bits. */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    uint32_t idThread = (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread));
    return idThread;
}
# else
#  error "Port me"
# endif
#else
# define RTNtCurrentTeb()        ((PTEB)NtCurrentTeb())
# define RTNtCurrentPeb()        (RTNtCurrentTeb()->ProcessEnvironmentBlock)
# define RTNtCurrentThreadId()   ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
#endif
/* NtCurrentPeb() always resolves to the IPRT accessor. */
#define NtCurrentPeb()           RTNtCurrentPeb()
1439
1440
1441/** @} */
1442
1443
1444#ifdef IPRT_NT_USE_WINTERNL
/* Section object APIs; declared here only when IPRT_NT_USE_WINTERNL is
   defined.  The prototypes carry parameter types only. */
NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
/** View inheritance disposition passed to NtMapViewOfSection.
 * Per the Windows documentation ViewShare maps the view into child processes
 * as well, while ViewUnmap does not. */
typedef enum _SECTION_INHERIT
{
    ViewShare = 1,
    ViewUnmap       /* = 2 */
} SECTION_INHERIT;
NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
                                           ULONG, ULONG);
1454
1455
/**
 * Volume attribute information (matches the FileFsAttributeInformation class
 * name in FS_INFORMATION_CLASS).
 *
 * FileSystemName is a variable-length trailer declared with one element; the
 * real extent comes from FileSystemNameLength, which the Windows
 * documentation specifies in bytes.  Bound it against the size of the buffer
 * that was filled in before reading the name.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG   FileSystemAttributes;
    LONG    MaximumComponentNameLength;
    ULONG   FileSystemNameLength;
    WCHAR   FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1464
/* Process / thread and token open APIs.  Each takes an ACCESS_MASK; request
   only the rights the caller actually needs. */
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1469
/**
 * Volume information classes for NtQueryVolumeInformationFile.
 *
 * Numbering starts at 1 and is implicit after that, so the order of the
 * enumerators is part of the ABI.  FileFsMaximumInformation is the
 * terminator, one past the last class listed here.
 */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsVolumeFlagsInformation,
    FileFsSectorSizeInformation,
    FileFsDataCopyInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS;
typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1488
/**
 * Directory entry with both the long and the short name (matches the
 * FileBothDirectoryInformation class name in FILE_INFORMATION_CLASS).
 *
 * Entries are chained through NextEntryOffset and FileName is a
 * variable-length trailer declared with one element.  Per the Windows
 * documentation NextEntryOffset, FileNameLength and ShortNameLength are byte
 * counts and the names are not NUL-terminated.  When walking a returned
 * buffer, check every offset and length against the number of bytes the
 * query reported before dereferencing.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG           NextEntryOffset;
    ULONG           FileIndex;
    LARGE_INTEGER   CreationTime;
    LARGE_INTEGER   LastAccessTime;
    LARGE_INTEGER   LastWriteTime;
    LARGE_INTEGER   ChangeTime;
    LARGE_INTEGER   EndOfFile;
    LARGE_INTEGER   AllocationSize;
    ULONG           FileAttributes;
    ULONG           FileNameLength;
    ULONG           EaSize;
    CCHAR           ShortNameLength;
    WCHAR           ShortName[12];
    WCHAR           FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/** File timestamps and attributes (matches the FileBasicInformation class
 * name in FILE_INFORMATION_CLASS). */
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER   CreationTime;
    LARGE_INTEGER   LastAccessTime;
    LARGE_INTEGER   LastWriteTime;
    LARGE_INTEGER   ChangeTime;
    ULONG           FileAttributes;
} FILE_BASIC_INFORMATION;
typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
/** File sizes, link count and delete/directory state (matches the
 * FileStandardInformation class name in FILE_INFORMATION_CLASS). */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER   AllocationSize;
    LARGE_INTEGER   EndOfFile;
    ULONG           NumberOfLinks;
    BOOLEAN         DeletePending;
    BOOLEAN         Directory;
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/**
 * File name (matches the FileNameInformation class name in
 * FILE_INFORMATION_CLASS).
 *
 * FileName is a variable-length trailer declared with one element.  Per the
 * Windows documentation FileNameLength is in bytes and the name is not
 * NUL-terminated, so copy by length and bound it against the buffer size.
 */
typedef struct _FILE_NAME_INFORMATION
{
    ULONG   FileNameLength;
    WCHAR   FileName[1];
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/**
 * File information classes for NtQueryInformationFile and
 * NtQueryDirectoryFile.
 *
 * Numbering starts at 1 and is implicit after that, so the order of the
 * enumerators is part of the ABI; never insert or reorder entries.
 * FileMaximumInformation is the terminator.
 */
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileIsRemoteDeviceInformation,
    FileUnusedInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileRenameInformationBypassAccessCheck,
    FileLinkInformationBypassAccessCheck,
    FileVolumeNameInformation,
    FileIdInformation,
    FileIdExtdDirectoryInformation,
    FileReplaceCompletionInformation,
    FileHardLinkFullIdInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS;
typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
                                             FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1601
/** For use with KeyBasicInformation.
 * Name is a variable-length trailer declared with one element; per the
 * Windows documentation NameLength is in bytes and the name is not
 * NUL-terminated. */
typedef struct _KEY_BASIC_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           NameLength;
    WCHAR           Name[1];
} KEY_BASIC_INFORMATION;
typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1611
/** For use with KeyNodeInformation.
 * Name is a variable-length trailer declared with one element.  ClassOffset
 * and the two lengths come back from the query, so check them against the
 * returned byte count before following them. */
typedef struct _KEY_NODE_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           ClassOffset;    /**< Offset from the start of the structure. */
    ULONG           ClassLength;
    ULONG           NameLength;
    WCHAR           Name[1];
} KEY_NODE_INFORMATION;
typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1623
/** For use with KeyFullInformation.
 * Class is a variable-length trailer declared with one element; its extent
 * is given by ClassLength. */
typedef struct _KEY_FULL_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           ClassOffset;    /**< Offset of the Class member. */
    ULONG           ClassLength;
    ULONG           SubKeys;
    ULONG           MaxNameLen;
    ULONG           MaxClassLen;
    ULONG           Values;
    ULONG           MaxValueNameLen;
    ULONG           MaxValueDataLen;
    WCHAR           Class[1];
} KEY_FULL_INFORMATION;
typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1640
/** For use with KeyNameInformation.
 * Name is a variable-length trailer declared with one element; its extent
 * is given by NameLength. */
typedef struct _KEY_NAME_INFORMATION
{
    ULONG   NameLength;
    WCHAR   Name[1];
} KEY_NAME_INFORMATION;
typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1648
/** For use with KeyCachedInformation.
 * Fixed-size: carries NameLength but, unlike the other key structures here,
 * no trailing name buffer. */
typedef struct _KEY_CACHED_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           SubKeys;
    ULONG           MaxNameLen;
    ULONG           Values;
    ULONG           MaxValueNameLen;
    ULONG           MaxValueDataLen;
    ULONG           NameLength;
} KEY_CACHED_INFORMATION;
typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1662
/** For use with KeyVirtualizationInformation.
 * Five one-bit flags followed by 27 reserved bits, 32 bits in total. */
typedef struct _KEY_VIRTUALIZATION_INFORMATION
{
    ULONG   VirtualizationCandidate : 1;
    ULONG   VirtualizationEnabled : 1;
    ULONG   VirtualTarget : 1;
    ULONG   VirtualStore : 1;
    ULONG   VirtualSource : 1;
    ULONG   Reserved : 27;
} KEY_VIRTUALIZATION_INFORMATION;
typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1674
/**
 * Registry key information classes for NtQueryKey and NtEnumerateKey.
 *
 * Numbering starts at 0 and is implicit after that, so the enumerator order
 * is part of the ABI.  MaxKeyInfoClass is the terminator.  The classes up to
 * KeyVirtualizationInformation, except KeyFlagsInformation, have a matching
 * structure declared above ("For use with ...").
 */
typedef enum _KEY_INFORMATION_CLASS
{
    KeyBasicInformation = 0,
    KeyNodeInformation,
    KeyFullInformation,
    KeyNameInformation,
    KeyCachedInformation,
    KeyFlagsInformation,
    KeyVirtualizationInformation,
    KeyHandleTagsInformation,
    MaxKeyInfoClass
} KEY_INFORMATION_CLASS;
NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1689
/**
 * Section (mapped file) name.
 *
 * A UNICODE_STRING header followed by a variable-length character buffer
 * declared with one element.
 * NOTE(review): presumably SectionFileName.Buffer points into NameBuffer
 * when the structure is returned by a query - confirm against the caller,
 * and validate Length against the buffer size before using the string.
 */
typedef struct _MEMORY_SECTION_NAME
{
    UNICODE_STRING  SectionFileName;
    WCHAR           NameBuffer[1];
} MEMORY_SECTION_NAME;
1695
/* NOTE(review): this guard appears to sit inside the IPRT_NT_USE_WINTERNL
   conditional opened further up, which would make it redundant - confirm. */
#ifdef IPRT_NT_USE_WINTERNL
/**
 * Basic process information (matches the ProcessBasicInformation class name
 * in PROCESSINFOCLASS).
 *
 * PebBaseAddress is typed PPEB, i.e. the PEB_COMMON layout declared in this
 * header.  NOTE(review): for a process other than the caller the pointer
 * refers to that process' address space, so it has to be read with a
 * cross-process read and its contents treated as untrusted input.
 */
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS    ExitStatus;
    PPEB        PebBaseAddress;
    ULONG_PTR   AffinityMask;
    int32_t     BasePriority;
    ULONG_PTR   UniqueProcessId;
    ULONG_PTR   InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
#endif
1708
/** Information classes for NtQueryInformationProcess and NtSetInformationProcess.
 * The values are sequential from zero; each member comment gives the value in
 * decimal / hex.  The ProcessUnknownNN members are placeholders that keep the
 * numbering of the later members right.
 * NOTE(review): ProcessInstrumentationCallbak is misspelled in the identifier
 * itself; renaming it would break code using this header, so it is left as is. */
1709typedef enum _PROCESSINFOCLASS
1710{
1711 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1712 ProcessQuotaLimits, /**< 1 / 0x01 */
1713 ProcessIoCounters, /**< 2 / 0x02 */
1714 ProcessVmCounters, /**< 3 / 0x03 */
1715 ProcessTimes, /**< 4 / 0x04 */
1716 ProcessBasePriority, /**< 5 / 0x05 */
1717 ProcessRaisePriority, /**< 6 / 0x06 */
1718 ProcessDebugPort, /**< 7 / 0x07 */
1719 ProcessExceptionPort, /**< 8 / 0x08 */
1720 ProcessAccessToken, /**< 9 / 0x09 */
1721 ProcessLdtInformation, /**< 10 / 0x0a */
1722 ProcessLdtSize, /**< 11 / 0x0b */
1723 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1724 ProcessIoPortHandlers, /**< 13 / 0x0d */
1725 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1726 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1727 ProcessUserModeIOPL, /**< 16 / 0x10 */
1728 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1729 ProcessPriorityClass, /**< 18 / 0x12 */
1730 ProcessWx86Information, /**< 19 / 0x13 */
1731 ProcessHandleCount, /**< 20 / 0x14 */
1732 ProcessAffinityMask, /**< 21 / 0x15 */
1733 ProcessPriorityBoost, /**< 22 / 0x16 */
1734 ProcessDeviceMap, /**< 23 / 0x17 */
1735 ProcessSessionInformation, /**< 24 / 0x18 */
1736 ProcessForegroundInformation, /**< 25 / 0x19 */
1737 ProcessWow64Information, /**< 26 / 0x1a */
1738 ProcessImageFileName, /**< 27 / 0x1b */
1739 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1740 ProcessBreakOnTermination, /**< 29 / 0x1d */
1741 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1742 ProcessDebugFlags, /**< 31 / 0x1f */
1743 ProcessHandleTracing, /**< 32 / 0x20 */
1744 ProcessIoPriority, /**< 33 / 0x21 */
1745 ProcessExecuteFlags, /**< 34 / 0x22 */
1746 ProcessTlsInformation, /**< 35 / 0x23 */
1747 ProcessCookie, /**< 36 / 0x24 */
1748 ProcessImageInformation, /**< 37 / 0x25 */
1749 ProcessCycleTime, /**< 38 / 0x26 */
1750 ProcessPagePriority, /**< 39 / 0x27 */
1751 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1752 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1753 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1754 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1755 ProcessImageFileMapping, /**< 44 / 0x2c */
1756 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1757 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1758 ProcessGroupInformation, /**< 47 / 0x2f */
1759 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1760 ProcessConsoleHostProcess, /**< 49 / 0x31 */
1761 ProcessWindowsInformation, /**< 50 / 0x32 */
1762 ProcessUnknown51, /**< 51 / 0x33 */
1763 ProcessUnknown52, /**< 52 / 0x34 */
1764 ProcessUnknown53, /**< 53 / 0x35 */
1765 ProcessUnknown54, /**< 54 / 0x36 */
1766 ProcessUnknown55, /**< 55 / 0x37 */
1767 ProcessUnknown56, /**< 56 / 0x38 */
1768 ProcessUnknown57, /**< 57 / 0x39 */
1769 ProcessUnknown58, /**< 58 / 0x3a */
1770 ProcessUnknown59, /**< 59 / 0x3b */
1771 ProcessUnknown60, /**< 60 / 0x3c */
1772 ProcessUnknown61, /**< 61 / 0x3d */
1773 ProcessUnknown62, /**< 62 / 0x3e */
1774 ProcessUnknown63, /**< 63 / 0x3f */
1775 ProcessUnknown64, /**< 64 / 0x40 */
1776 ProcessUnknown65, /**< 65 / 0x41 */
1777 ProcessUnknown66, /**< 66 / 0x42 */
1778 ProcessMaybe_KeSetCpuSetsProcess, /**< 67 / 0x43 - if correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
1779 MaxProcessInfoClass /**< 68 / 0x44 */
1780} PROCESSINFOCLASS;
1781NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1782
1783typedef enum _THREADINFOCLASS
1784{
1785 ThreadBasicInformation = 0,
1786 ThreadTimes,
1787 ThreadPriority,
1788 ThreadBasePriority,
1789 ThreadAffinityMask,
1790 ThreadImpersonationToken,
1791 ThreadDescriptorTableEntry,
1792 ThreadEnableAlignmentFaultFixup,
1793 ThreadEventPair_Reusable,
1794 ThreadQuerySetWin32StartAddress,
1795 ThreadZeroTlsCell,
1796 ThreadPerformanceCount,
1797 ThreadAmILastThread,
1798 ThreadIdealProcessor,
1799 ThreadPriorityBoost,
1800 ThreadSetTlsArrayAddress,
1801 ThreadIsIoPending,
1802 ThreadHideFromDebugger,
1803 ThreadBreakOnTermination,
1804 ThreadSwitchLegacyState,
1805 ThreadIsTerminated,
1806 ThreadLastSystemCall,
1807 ThreadIoPriority,
1808 ThreadCycleTime,
1809 ThreadPagePriority,
1810 ThreadActualBasePriority,
1811 ThreadTebInformation,
1812 ThreadCSwitchMon,
1813 ThreadCSwitchPmu,
1814 ThreadWow64Context,
1815 ThreadGroupInformation,
1816 ThreadUmsInformation,
1817 ThreadCounterProfiling,
1818 ThreadIdealProcessorEx,
1819 ThreadCpuAccountingInformation,
1820 MaxThreadInfoClass
1821} THREADINFOCLASS;
1822NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1823
1824NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1825
1826NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1827NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1828NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1829
1830NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1831NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1832
1833NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1834NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1835NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1836NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1837NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1838NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1839NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1840NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1841NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1842
1843#endif /* IPRT_NT_USE_WINTERNL */
1844
1845typedef enum _OBJECT_INFORMATION_CLASS
1846{
1847 ObjectBasicInformation = 0,
1848 ObjectNameInformation,
1849 ObjectTypeInformation,
1850 ObjectAllInformation,
1851 ObjectDataInformation
1852} OBJECT_INFORMATION_CLASS;
1853typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1854#ifdef IN_RING0
1855# define NtQueryObject ZwQueryObject
1856#endif
1857NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1858NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1859NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1860
1861NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1862
1863typedef struct _OBJECT_DIRECTORY_INFORMATION
1864{
1865 UNICODE_STRING Name;
1866 UNICODE_STRING TypeName;
1867} OBJECT_DIRECTORY_INFORMATION;
1868typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1869NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1870
1871NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1872NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1873/** @name ProcessDefaultHardErrorMode bit definitions.
1874 * @{ */
1875#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
1876#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1877#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1878#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1879/** @} */
1880NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1881NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1882
1883/** Returned by ProcessImageInformation as well as NtQuerySection.
 * The two anonymous unions give both a combined and a per-field view:
 * SubSystemVersion overlays the minor/major USHORT pair, and ImageFlags
 * overlays the single-bit flags.
 * Per the member comments the tail of the structure changed between Windows
 * versions (ImageFlags and CheckSum were spares before Vista, ImageFileSize
 * possibly arrived with XP).  NOTE(review): code using those members to make
 * decisions about an image should presumably check the Windows version or the
 * returned length first - confirm against the callers. */
1884typedef struct _SECTION_IMAGE_INFORMATION
1885{
1886 PVOID TransferAddress;
1887 ULONG ZeroBits;
1888 SIZE_T MaximumStackSize;
1889 SIZE_T CommittedStackSize;
1890 ULONG SubSystemType;
1891 union
1892 {
1893 struct
1894 {
1895 USHORT SubSystemMinorVersion;
1896 USHORT SubSystemMajorVersion;
1897 };
1898 ULONG SubSystemVersion;
1899 };
1900 ULONG GpValue;
1901 USHORT ImageCharacteristics;
1902 USHORT DllCharacteristics;
1903 USHORT Machine;
1904 BOOLEAN ImageContainsCode;
1905 union /**< Since Vista, used to be a spare BOOLEAN. */
1906 {
1907 struct
1908 {
1909 UCHAR ComPlusNativeRead : 1;
1910 UCHAR ComPlusILOnly : 1;
1911 UCHAR ImageDynamicallyRelocated : 1;
1912 UCHAR ImageMAppedFlat : 1;
1913 UCHAR Reserved : 4;
1914 };
1915 UCHAR ImageFlags;
1916 };
1917 ULONG LoaderFlags;
1918 ULONG ImageFileSize; /**< Since XP? */
1919 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
1920} SECTION_IMAGE_INFORMATION;
1921typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1922
1923typedef enum _SECTION_INFORMATION_CLASS
1924{
1925 SectionBasicInformation = 0,
1926 SectionImageInformation,
1927 MaxSectionInfoClass
1928} SECTION_INFORMATION_CLASS;
1929NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1930
1931NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1932NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1933NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1934#ifndef SYMBOLIC_LINK_QUERY
1935# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1936#endif
1937#ifndef SYMBOLIC_LINK_ALL_ACCESS
1938# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
1939#endif
1940
1941NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1942NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1943NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1944NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1945NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1946NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1947
1948
1949#ifndef SEC_FILE
1950# define SEC_FILE UINT32_C(0x00800000)
1951#endif
1952#ifndef SEC_IMAGE
1953# define SEC_IMAGE UINT32_C(0x01000000)
1954#endif
1955#ifndef SEC_PROTECTED_IMAGE
1956# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1957#endif
1958#ifndef SEC_NOCACHE
1959# define SEC_NOCACHE UINT32_C(0x10000000)
1960#endif
1961#ifndef MEM_ROTATE
1962# define MEM_ROTATE UINT32_C(0x00800000)
1963#endif
1964typedef enum _MEMORY_INFORMATION_CLASS
1965{
1966 MemoryBasicInformation = 0,
1967 MemoryWorkingSetList,
1968 MemorySectionName,
1969 MemoryBasicVlmInformation
1970} MEMORY_INFORMATION_CLASS;
1971#ifdef IN_RING0
1972typedef struct _MEMORY_BASIC_INFORMATION
1973{
1974 PVOID BaseAddress;
1975 PVOID AllocationBase;
1976 ULONG AllocationProtect;
1977 SIZE_T RegionSize;
1978 ULONG State;
1979 ULONG Protect;
1980 ULONG Type;
1981} MEMORY_BASIC_INFORMATION;
1982typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1983# define NtQueryVirtualMemory ZwQueryVirtualMemory
1984#endif
1985NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1986#ifdef IPRT_NT_USE_WINTERNL
1987NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1988#endif
1989NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1990NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1991
1992typedef enum _SYSTEM_INFORMATION_CLASS
1993{
1994 SystemBasicInformation = 0,
1995 SystemCpuInformation,
1996 SystemPerformanceInformation,
1997 SystemTimeOfDayInformation,
1998 SystemInformation_Unknown_4,
1999 SystemProcessInformation,
2000 SystemInformation_Unknown_6,
2001 SystemInformation_Unknown_7,
2002 SystemProcessorPerformanceInformation,
2003 SystemInformation_Unknown_9,
2004 SystemInformation_Unknown_10,
2005 SystemModuleInformation,
2006 SystemInformation_Unknown_12,
2007 SystemInformation_Unknown_13,
2008 SystemInformation_Unknown_14,
2009 SystemInformation_Unknown_15,
2010 SystemHandleInformation,
2011 SystemInformation_Unknown_17,
2012 SystemPageFileInformation,
2013 SystemInformation_Unknown_19,
2014 SystemInformation_Unknown_20,
2015 SystemCacheInformation,
2016 SystemInformation_Unknown_22,
2017 SystemInterruptInformation,
2018 SystemDpcBehaviourInformation,
2019 SystemFullMemoryInformation,
2020 SystemLoadGdiDriverInformation, /* 26 */
2021 SystemUnloadGdiDriverInformation, /* 27 */
2022 SystemTimeAdjustmentInformation,
2023 SystemSummaryMemoryInformation,
2024 SystemInformation_Unknown_30,
2025 SystemInformation_Unknown_31,
2026 SystemInformation_Unknown_32,
2027 SystemExceptionInformation,
2028 SystemCrashDumpStateInformation,
2029 SystemKernelDebuggerInformation,
2030 SystemContextSwitchInformation,
2031 SystemRegistryQuotaInformation,
2032 SystemInformation_Unknown_38,
2033 SystemInformation_Unknown_39,
2034 SystemInformation_Unknown_40,
2035 SystemInformation_Unknown_41,
2036 SystemInformation_Unknown_42,
2037 SystemInformation_Unknown_43,
2038 SystemCurrentTimeZoneInformation,
2039 SystemLookasideInformation,
2040 SystemSetTimeSlipEvent,
2041 SystemCreateSession,
2042 SystemDeleteSession,
2043 SystemInformation_Unknown_49,
2044 SystemRangeStartInformation,
2045 SystemVerifierInformation,
2046 SystemInformation_Unknown_52,
2047 SystemSessionProcessInformation,
2048 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2049 SystemInformation_Unknown_55,
2050 SystemInformation_Unknown_56,
2051 SystemExtendedProcessInformation,
2052 SystemInformation_Unknown_58,
2053 SystemInformation_Unknown_59,
2054 SystemInformation_Unknown_60,
2055 SystemInformation_Unknown_61,
2056 SystemInformation_Unknown_62,
2057 SystemInformation_Unknown_63,
2058 SystemExtendedHandleInformation, /* 64 */
2059 SystemInformation_Unknown_65,
2060 SystemInformation_Unknown_66,
2061 SystemInformation_Unknown_67,
2062 SystemInformation_Unknown_68,
2063 SystemInformation_HotPatchInfo, /* 69 */
2064 SystemInformation_Unknown_70,
2065 SystemInformation_Unknown_71,
2066 SystemInformation_Unknown_72,
2067 SystemInformation_Unknown_73,
2068 SystemInformation_Unknown_74,
2069 SystemInformation_Unknown_75,
2070 SystemInformation_Unknown_76,
2071 SystemInformation_Unknown_77,
2072 SystemInformation_Unknown_78,
2073 SystemInformation_Unknown_79,
2074 SystemInformation_Unknown_80,
2075 SystemInformation_Unknown_81,
2076 SystemInformation_Unknown_82,
2077 SystemInformation_Unknown_83,
2078 SystemInformation_Unknown_84,
2079 SystemInformation_Unknown_85,
2080 SystemInformation_Unknown_86,
2081 SystemInformation_Unknown_87,
2082 SystemInformation_Unknown_88,
2083 SystemInformation_Unknown_89,
2084 SystemInformation_Unknown_90,
2085 SystemInformation_Unknown_91,
2086 SystemInformation_Unknown_92,
2087 SystemInformation_Unknown_93,
2088 SystemInformation_Unknown_94,
2089 SystemInformation_Unknown_95,
2090 SystemInformation_KiOpPrefetchPatchCount,
2091
2092 /** @todo fill gap. they've added a whole bunch of things */
2093 SystemPolicyInformation = 134,
2094 SystemInformationClassMax
2095} SYSTEM_INFORMATION_CLASS;
2096
2097#ifdef IPRT_NT_USE_WINTERNL
2098typedef struct _VM_COUNTERS
2099{
2100 SIZE_T PeakVirtualSize;
2101 SIZE_T VirtualSize;
2102 ULONG PageFaultCount;
2103 SIZE_T PeakWorkingSetSize;
2104 SIZE_T WorkingSetSize;
2105 SIZE_T QuotaPeakPagedPoolUsage;
2106 SIZE_T QuotaPagedPoolUsage;
2107 SIZE_T QuotaPeakNonPagedPoolUsage;
2108 SIZE_T QuotaNonPagedPoolUsage;
2109 SIZE_T PagefileUsage;
2110 SIZE_T PeakPagefileUsage;
2111} VM_COUNTERS;
2112typedef VM_COUNTERS *PVM_COUNTERS;
2113#endif
2114
2115#if 0
2116typedef struct _IO_COUNTERS
2117{
2118 ULONGLONG ReadOperationCount;
2119 ULONGLONG WriteOperationCount;
2120 ULONGLONG OtherOperationCount;
2121 ULONGLONG ReadTransferCount;
2122 ULONGLONG WriteTransferCount;
2123 ULONGLONG OtherTransferCount;
2124} IO_COUNTERS;
2125typedef IO_COUNTERS *PIO_COUNTERS;
2126#endif
2127
/** One process record; NOTE(review): presumably the entry format of the
 * SystemProcessInformation query - confirm.
 *
 * The record is variable sized: per the comment at the end of the structure,
 * the thread entries and then the ProcessName.Buffer characters follow the
 * fixed part.  NextEntryOffset presumably gives the distance to the next
 * record.  Code walking such a list should check that every NextEntryOffset
 * and the ProcessName buffer/length stay inside the returned buffer before
 * dereferencing them.
 *
 * The member comments appear to give the offsets for 32-bit / 64-bit.
 * NOTE(review): with the 11 member VM_COUNTERS this file defines for the
 * IPRT_NT_USE_WINTERNL case and an 8 byte SIZE_T, VmCounters at 0x70 ends at
 * 0xc8, which would put IoCounters at 0xc8 and not at the annotated 0xd0 on
 * 64-bit.  Verify the layout, e.g. with a compile time offset assertion. */
2128typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2129{
2130 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2131 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2132 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2133 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2134 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2135 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2136 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2137 int32_t BasePriority; /**< 0x40 / 0x48 */
2138 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2139 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2140 ULONG HandleCount; /**< 0x4c / 0x60 */
2141 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2142 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2143 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2144 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2145 /* After this follows the threads, then the ProcessName.Buffer. */
2146} RTNT_SYSTEM_PROCESS_INFORMATION;
2147typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2148#ifndef IPRT_NT_USE_WINTERNL
2149typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2150typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2151#endif
2152
/** Handle entry, the element type of SYSTEM_HANDLE_INFORMATION::Handles.
 * UniqueProcessId and HandleValue are only 16 bits wide here, so values above
 * 0xffff cannot be represented.  SYSTEM_HANDLE_ENTRY_INFO_EX carries both as
 * HANDLE sized members.
 * NOTE(review): code matching process IDs or handle values to decide who has
 * access to an object should presumably use the extended variant - confirm. */
2153typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2154{
2155 USHORT UniqueProcessId;
2156 USHORT CreatorBackTraceIndex;
2157 UCHAR ObjectTypeIndex;
2158 UCHAR HandleAttributes;
2159 USHORT HandleValue;
2160 PVOID Object;
2161 ULONG GrantedAccess;
2162} SYSTEM_HANDLE_ENTRY_INFO;
2163typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2164
2165/** Returned by SystemHandleInformation.
 * Handles is declared with a single element; NOTE(review): presumably the
 * buffer really holds NumberOfHandles entries - confirm.  Bound any loop over
 * Handles by the size of the buffer that was actually returned as well as by
 * NumberOfHandles. */
2166typedef struct _SYSTEM_HANDLE_INFORMATION
2167{
2168 ULONG NumberOfHandles;
2169 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2170} SYSTEM_HANDLE_INFORMATION;
2171typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2172
2173/** Extended handle information entry.
2174 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2175typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2176{
2177 PVOID Object;
2178 HANDLE UniqueProcessId;
2179 HANDLE HandleValue;
2180 ACCESS_MASK GrantedAccess;
2181 USHORT CreatorBackTraceIndex;
2182 USHORT ObjectTypeIndex;
2183 ULONG HandleAttributes;
2184 ULONG Reserved;
2185} SYSTEM_HANDLE_ENTRY_INFO_EX;
2186typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2187
2188/** Returned by SystemExtendedHandleInformation.
 * Handles is declared with a single element; NOTE(review): presumably the
 * buffer really holds NumberOfHandles entries - confirm.  NumberOfHandles is
 * pointer sized here, so guard the multiplication by the entry size against
 * overflow and bound any loop by the size of the buffer actually returned. */
2189typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2190{
2191 ULONG_PTR NumberOfHandles;
2192 ULONG_PTR Reserved;
2193 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2194} SYSTEM_HANDLE_INFORMATION_EX;
2195typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2196
2197/** Input to SystemSessionProcessInformation.
 * The structure only describes the output buffer; the process entries are
 * written to Buffer, not into this structure.
 * NOTE(review): BufferLength is presumably the size of Buffer in bytes and
 * must not exceed the real allocation - confirm against the callers. */
2198typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2199{
2200 ULONG SessionId;
2201 ULONG BufferLength;
2202 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2203 PVOID Buffer;
2204} SYSTEM_SESSION_PROCESS_INFORMATION;
2205typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2206
2207NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2208
2209NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2210NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
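2211#ifndef IPRT_NT_USE_WINTERNL
/* Three parameters, same list as the PFNNTWAITFORSINGLEOBJECT typedef below.
 * Without the comma between BOOLEAN and PLARGE_INTEGER the second typedef
 * name is parsed as the name of the BOOLEAN parameter, which silently
 * declares a two parameter function. */
2212NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
2213#endif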
2214typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2215typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2216NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2217
2218NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2219
2220#ifdef IPRT_NT_USE_WINTERNL
/** Event kind, the EVENT_TYPE argument of NtCreateEvent and the EventType
 * member of EVENT_BASIC_INFORMATION.  Only defined here when
 * IPRT_NT_USE_WINTERNL is set. */
2221typedef enum _EVENT_TYPE
2222{
2223 /* Manual reset event. */
2224 NotificationEvent = 0,
2225 /* Automatic reset event. */
2226 SynchronizationEvent
2227} EVENT_TYPE;
2228#endif
2229NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2230NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2231typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2232NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2233NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2234NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2235typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2236typedef enum _EVENT_INFORMATION_CLASS
2237{
2238 EventBasicInformation = 0
2239} EVENT_INFORMATION_CLASS;
2240/** Data returned by NtQueryEvent + EventBasicInformation. */
2241typedef struct EVENT_BASIC_INFORMATION
2242{
2243 EVENT_TYPE EventType;
2244 ULONG EventState;
2245} EVENT_BASIC_INFORMATION;
2246typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2247NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2248
2249#ifdef IPRT_NT_USE_WINTERNL
2250/** For NtQueryValueKey. */
2251typedef enum _KEY_VALUE_INFORMATION_CLASS
2252{
2253 KeyValueBasicInformation = 0,
2254 KeyValueFullInformation,
2255 KeyValuePartialInformation,
2256 KeyValueFullInformationAlign64,
2257 KeyValuePartialInformationAlign64
2258} KEY_VALUE_INFORMATION_CLASS;
2259
2260/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 * Data is declared with a single element; NOTE(review): presumably DataLength
 * bytes of value data follow the header - confirm.  Registry value data is
 * external input: check Type and that DataLength fits inside the buffer that
 * was passed to the query before interpreting Data. */
2261typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2262{
2263 ULONG TitleIndex;
2264 ULONG Type;
2265 ULONG DataLength;
2266 UCHAR Data[1];
2267} KEY_VALUE_PARTIAL_INFORMATION;
2268typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2269#endif
2270NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2271NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2272
2273
2274NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2275
2276
2277typedef struct _CURDIR
2278{
2279 UNICODE_STRING DosPath;
2280 HANDLE Handle;
2281} CURDIR;
2282typedef CURDIR *PCURDIR;
2283
2284typedef struct _RTL_DRIVE_LETTER_CURDIR
2285{
2286 USHORT Flags;
2287 USHORT Length;
2288 ULONG TimeStamp;
2289 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2290} RTL_DRIVE_LETTER_CURDIR;
2291typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2292
/** Process parameter block, created by RtlCreateProcessParameters and passed
 * to RtlCreateUserProcess (see the prototypes further down in this file).
 * According to their comments, the members after CurrentDirectories were
 * added in later Windows versions, so they are not present on every system.
 * NOTE(review): presumably Length / MaximumLength give the size of the block
 * that is really there - check them before reading EnvironmentSize and the
 * members after it, in particular when the block was read from another
 * process.  Confirm against the callers. */
2293typedef struct _RTL_USER_PROCESS_PARAMETERS
2294{
2295 ULONG MaximumLength;
2296 ULONG Length;
2297 ULONG Flags;
2298 ULONG DebugFlags;
2299 HANDLE ConsoleHandle;
2300 ULONG ConsoleFlags;
2301 HANDLE StandardInput;
2302 HANDLE StandardOutput;
2303 HANDLE StandardError;
2304 CURDIR CurrentDirectory;
2305 UNICODE_STRING DllPath;
2306 UNICODE_STRING ImagePathName;
2307 UNICODE_STRING CommandLine;
2308 PWSTR Environment;
2309 ULONG StartingX;
2310 ULONG StartingY;
2311 ULONG CountX;
2312 ULONG CountY;
2313 ULONG CountCharsX;
2314 ULONG CountCharsY;
2315 ULONG FillAttribute;
2316 ULONG WindowFlags;
2317 ULONG ShowWindowFlags;
2318 UNICODE_STRING WindowTitle;
2319 UNICODE_STRING DesktopInfo;
2320 UNICODE_STRING ShellInfo;
2321 UNICODE_STRING RuntimeInfo;
2322 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2323 SIZE_T EnvironmentSize; /**< Added in Vista */
2324 SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
2325 PVOID PackageDependencyData; /**< Added Windows 8? */
2326 ULONG ProcessGroupId; /**< Added Windows 8? */
2327} RTL_USER_PROCESS_PARAMETERS;
2328typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2329#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2330
2331typedef struct _RTL_USER_PROCESS_INFORMATION
2332{
2333 ULONG Size;
2334 HANDLE ProcessHandle;
2335 HANDLE ThreadHandle;
2336 CLIENT_ID ClientId;
2337 SECTION_IMAGE_INFORMATION ImageInformation;
2338} RTL_USER_PROCESS_INFORMATION;
2339typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2340
2341
2342NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2343 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2344NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2345 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2346 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2347 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2348 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2349NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2350NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2351 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2352
2353#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2354typedef struct _RTL_CRITICAL_SECTION
2355{
2356 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2357 LONG LockCount;
2358 LONG Recursioncount;
2359 HANDLE OwningThread;
2360 HANDLE LockSemaphore;
2361 ULONG_PTR SpinCount;
2362} RTL_CRITICAL_SECTION;
2363typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2364#endif
2365
2366RT_C_DECLS_END
2367/** @} */
2368
2369
2370#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2371/** @name NT Kernel APIs
2372 * @{ */
2373RT_C_DECLS_BEGIN
2374
2375typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2376
2377NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2378typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2379NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2380typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2381NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2382typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2383NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2384typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2385NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2386typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2387NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2388typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2389NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2390typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2391NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2392typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2393NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2394typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2395NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2396typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2397/** Works like anding the complemented subtrahend with the minuend. */
2398NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2399typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2400NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2401typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2402NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2403typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2404NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2405typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2406NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2407typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2408NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2409typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2410typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2411typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2412
2413NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2414 PVOID pvOptionalConditions, PHANDLE phFound);
2415NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2416 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2417 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2418NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2419NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2420NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2421NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2422extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2423extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2424
2425typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2426typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2427
2428RT_C_DECLS_END
2429/** @} */
2430#endif /* IN_RING0 */
2431
2432
2433#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2434/** @name NT Userland APIs
2435 * @{ */
2436RT_C_DECLS_BEGIN
2437
2438#if 0 /** @todo figure this out some time... */
2439typedef struct CSR_MSG_DATA_CREATED_PROCESS
2440{
2441 HANDLE hProcess;
2442 HANDLE hThread;
2443 CLIENT_ID
2444 DWORD idProcess;
2445 DWORD idThread;
2446 DWORD fCreate;
2447
2448} CSR_MSG_DATA_CREATED_PROCESS;
2449
2450#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2451#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2452NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2453#endif
2454
2455NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2456
2457typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2458{
2459 ULONG Flags;
2460 PCUNICODE_STRING FullDllName;
2461 PCUNICODE_STRING BaseDllName;
2462 PVOID DllBase;
2463 ULONG SizeOfImage;
2464} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2465typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2466typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2467
2468typedef union _LDR_DLL_NOTIFICATION_DATA
2469{
2470 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2471 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2472} LDR_DLL_NOTIFICATION_DATA;
2473typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2474typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2475
2476typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2477
2478#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2479#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2480NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2481 PVOID *pvCookie);
2482typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2483NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2484typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2485
/**
 * Loads the DLL named by pName and returns its module handle in *phMod.
 *
 * NOTE(review): the first parameter is typed PWSTR but named
 * pwszSearchPathOrFlags, so it presumably is not always a plain path string -
 * confirm the expected encoding for the targeted Windows versions before
 * passing anything other than NULL.  When pName is not fully qualified, which
 * image gets mapped depends on the loader's search order; callers that care
 * about the exact image should pass a full path.
 */
2486NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2487 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
/** Pointer type with the same signature as LdrLoadDll. */
2488typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2489 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
/** Counterpart of LdrLoadDll (going by the name): gives up the module handle hMod. */
2490NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
/** Pointer type with the same signature as LdrUnloadDll. */
2491typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
/**
 * Looks up the handle of a DLL by name and stores it in *phDll.
 *
 * NOTE(review): nothing in this declaration says whether the module's
 * reference count changes; LdrGetDllHandleEx below takes explicit flags for
 * that, so prefer it where the lifetime of the handle matters.
 */
2492NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2493 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/** Pointer type with the same signature as LdrGetDllHandle. */
2494typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2495 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Flag bits 0 and 1, presumably for the fFlags argument of LdrGetDllHandleEx
 * (per the name prefix): leave the reference count unchanged, or pin the module. */
2496#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2497#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2498/** @since Windows XP. */
2499NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2500 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2501/** @since Windows XP. */
2502typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2503 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Handle lookup keyed on a mapping base address (pvBase) instead of a name. */
2504/** @since Windows 7. */
2505NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2506/** @since Windows 7. */
2507typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
/* Handle lookup by base name and/or full name; both are marked OPTIONAL, so
 * presumably at least one of them has to be supplied - TODO confirm. */
2508/** @since Windows 7. */
2509NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2510 OUT PHANDLE phDll);
2511/** @since Windows 7. */
2512typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2513 OUT PHANDLE phDll);
/* Flag bit 0, presumably for the fFlags argument of LdrAddRefDll (per the name prefix). */
2514#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
/** Takes a reference on (or, with the flag above, pins) the module hDll. */
2515NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
/** Pointer type with the same signature as LdrAddRefDll. */
2516typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
/**
 * Resolves an export of hDll by name (pSymbol) or by ordinal (uOrdinal) and
 * returns its address in *ppvSymbol.  Both selectors are marked OPTIONAL, so
 * presumably exactly one is supplied.  Check the NTSTATUS before calling
 * through *ppvSymbol.
 *
 * NOTE(review): this prototype spells the name parameter as
 * ANSI_STRING const * while the function pointer typedef below uses
 * PCANSI_STRING; these are presumably the same type - confirm and unify.
 */
2517NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2518 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/** Pointer type for LdrGetProcedureAddress. */
2519typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2520 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/* Flag bit 0, presumably for the trailing fFlags argument of
 * LdrGetProcedureAddressEx (per the name prefix). */
2521#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2522/** @since Windows Vista. */
2523NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2524 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2525/** @since Windows Vista. */
2526typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2527 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
/* Loader lock: the F_ values are flag bits for fFlags, the DISP_ values are
 * what the optional *puDisposition can report back (per the name prefixes).
 * With F_NO_WAIT the call can presumably return without holding the lock, so
 * the disposition has to be checked before assuming ownership.  The cookie
 * written to *ppvCookie is what LdrUnlockLoaderLock expects back; every
 * successful acquisition needs a matching unlock. */
2528#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2529#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2530#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2531#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2532#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2533/** @since Windows XP. */
2534NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2535/** @since Windows XP. */
2536typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
/* NOTE(review): pvCookie below is a PVOID passed by value, so it cannot carry
 * anything back to the caller; the OUT annotation on it (prototype and
 * typedef) looks like it should be IN. */
2537#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2538/** @since Windows XP. */
2539NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2540/** @since Windows XP. */
2541typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2542
/**
 * Going by the name, expands environment variable references in a
 * UNICODE_STRING.  The parameters are unnamed here, so the source/destination
 * order and the meaning of the PULONG must be taken from the NT
 * documentation.  Check the NTSTATUS before using the destination string.
 */
2543NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
/* Process and thread exit with an NTSTATUS exit code (going by the names). */
2544NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2545NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
/**
 * File isolation redirection lookup for pOrgName.  The result is reported
 * through *ppResultString, which presumably ends up pointing at either the
 * caller's static or dynamic string - TODO confirm which one has to be freed.
 *
 * NOTE(review): pfNewFlags, pcbFilename and pcbNeeded are pointers annotated
 * IN although their names suggest values written back by the callee; confirm
 * the direction before treating the pointed-to values as inputs only.
 */
2546NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2547 IN PCUNICODE_STRING pOrgName,
2548 IN PUNICODE_STRING pDefaultSuffix,
2549 IN OUT PUNICODE_STRING pStaticString,
2550 IN OUT PUNICODE_STRING pDynamicString,
2551 IN OUT PUNICODE_STRING *ppResultString,
2552 IN PULONG pfNewFlags OPTIONAL,
2553 IN PSIZE_T pcbFilename OPTIONAL,
2554 IN PSIZE_T pcbNeeded OPTIONAL);
2555
/* Heap creation types; only declared here when IPRT_NT_USE_WINTERNL is
 * defined, presumably because other SDK/DDK headers provide them otherwise. */
2556# ifdef IPRT_NT_USE_WINTERNL
/** Function type (not a pointer) of a heap commit routine; see CommitRoutine below. */
2557typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2558typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
/**
 * Optional tuning parameters for RtlCreateHeap.
 *
 * Length is presumably the size of this structure in bytes - TODO confirm.
 * Zero-initialise the whole structure before filling in fields so that
 * Reserved and any unused thresholds do not carry stack garbage.
 */
2559typedef struct _RTL_HEAP_PARAMETERS
2560{
2561 ULONG Length;
2562 SIZE_T SegmentReserve;
2563 SIZE_T SegmentCommit;
2564 SIZE_T DeCommitFreeBlockThreshold;
2565 SIZE_T DeCommitTotalFreeThreshold;
2566 SIZE_T MaximumAllocationSize;
2567 SIZE_T VirtualMemoryThreshold;
2568 SIZE_T InitialCommit;
2569 SIZE_T InitialReserve;
2570 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2571 SIZE_T Reserved[2];
2572} RTL_HEAP_PARAMETERS;
2573typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
/**
 * Creates a heap.  Returns a PVOID, presumably the heap handle, with NULL
 * signalling failure - check it before use.
 */
2574NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2575 PRTL_HEAP_PARAMETERS pParameters);
2576/** @name Heap flags (for RtlCreateHeap).
2577 * @{ */
/* The definitions inside the comment blocks in this group are disabled in
 * this header; they are presumably supplied by the Windows SDK headers and
 * are kept here for reference only. */
2578/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2579# define HEAP_GROWABLE UINT32_C(0x00000002)
2580# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2581# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2582# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2583# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2584# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2585# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
/* HEAP_SETTABLE_USER_FLAGS (0xe00) is the OR of USER_FLAG1..3; USER_VALUE
 * (0x100) is not part of it. */
2586# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2587# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2588# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2589# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2590# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
/* Heap class: a 4-bit field at bits 12..15 (HEAP_CLASS_MASK), values 0..8. */
2591# define HEAP_CLASS_0 UINT32_C(0x00000000)
2592# define HEAP_CLASS_1 UINT32_C(0x00001000)
2593# define HEAP_CLASS_2 UINT32_C(0x00002000)
2594# define HEAP_CLASS_3 UINT32_C(0x00003000)
2595# define HEAP_CLASS_4 UINT32_C(0x00004000)
2596# define HEAP_CLASS_5 UINT32_C(0x00005000)
2597# define HEAP_CLASS_6 UINT32_C(0x00006000)
2598# define HEAP_CLASS_7 UINT32_C(0x00007000)
2599# define HEAP_CLASS_8 UINT32_C(0x00008000)
2600# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2601# endif
/* Symbolic names for the heap classes.  These aliases are defined
 * unconditionally, while HEAP_CLASS_0..8 above are only defined under
 * IPRT_NT_USE_WINTERNL; without that macro they rely on another header
 * providing the HEAP_CLASS_n values. */
2602# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2603# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2604# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2605# define HEAP_CLASS_GDI HEAP_CLASS_3
2606# define HEAP_CLASS_USER HEAP_CLASS_4
2607# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2608# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2609# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2610# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2611# ifdef IPRT_NT_USE_WINTERNL
2612/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2613# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2614# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
/* 0x0007f0ff covers bits 0..7 and 12..18; the HEAP_SETTABLE_USER_* bits
 * (0x00000f00) are not included.  Note that HEAP_CREATE_ENABLE_EXECUTE
 * (0x00040000) is inside the mask: it yields executable heap memory, so only
 * pass it when that is really intended. */
2615# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2616# endif /* IPRT_NT_USE_WINTERNL */
2617/** @} */
2618# ifdef IPRT_NT_USE_WINTERNL
2619/** @name Heap tagging constants
2620 * @{ */
/* HEAP_GLOBAL_TAG has the same numeric value (0x800) as
 * HEAP_SETTABLE_USER_FLAG3; it is a tag constant, not a heap flag. */
2621# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2622/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2623# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2624# define HEAP_TAG_SHIFT 18 */
/* HEAP_TAG_MASK expands to HEAP_MAXIMUM_TAG and HEAP_TAG_SHIFT, both of which
 * are commented out just above; it only compiles where another header
 * defines them. */
2625# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2626/** @} */
/* Heap allocation primitives.  The PVOID results must be checked for NULL
 * before use.  For RtlReAllocateHeap keep pvOld until the call has succeeded,
 * so a failed resize does not lose the only reference to the block.  Memory
 * is presumably only zero-filled when HEAP_ZERO_MEMORY is passed - do not
 * rely on fresh allocations being cleared otherwise. */
2627NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2628NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2629NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2630# endif /* IPRT_NT_USE_WINTERNL */
/* Heap helpers that are declared unconditionally, i.e. outside the
 * IPRT_NT_USE_WINTERNL block that holds RtlAllocateHeap and friends. */
2631NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
/** Frees the buffer of a UNICODE_STRING (going by the name); the parameter is unnamed here. */
2632NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
/** Returns the size of the heap block pvMem as a SIZE_T; the failure value is not visible from this declaration. */
2633NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
/* Accessors for the last NTSTATUS / Win32 error values (going by the names);
 * presumably per-thread state - TODO confirm. */
2634NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2635NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2636NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2637NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2638NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
/* Time sources.  RtlQueryPerformanceCounter writes through the
 * PLARGE_INTEGER and returns a BOOLEAN that should be checked. */
2639NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
/* NOTE(review): a function pointer type is provided next to the prototype,
 * presumably because this export is not present on every supported Windows
 * version and has to be resolved at run time - confirm, and guard callers
 * against a NULL pointer. */
2640NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2641typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2642
2643RT_C_DECLS_END
2644/** @} */
2645#endif /* IN_RING3 */
2646
2647#endif
2648